The big issue I’ve had is that if I use the built-in syslog generation, all the events appear to come from the OSSEC server. So if it can fake the “location” to be where it actually comes from, then I could indeed use any syslog frontend.
--
James Pulver
Information Technology Area Supervisor
LEPP Computer Group
Cornell University

From: [email protected] [mailto:[email protected]] On Behalf Of ash kumar
Sent: Tuesday, October 25, 2011 2:39 PM
To: [email protected]
Subject: Re: [ossec-list] ossec-wui BUG

I think this is the most practical course of action. Generalizing to syslog formats will ensure that the archive logs can be added to any management system rather than painfully slapping something together. I have wasted far too much time getting logstash to behave.
